It has become common for mobile terminals such as cell phones, palmtop computers and laptop computers to browse the Internet and conduct e-commerce transactions such as on-line purchasing, on-line share trading, and the like. These applications inevitably require the user to enter sensitive personal information into the mobile terminal. However, the small form factor of hand-held mobile terminals and the fact that the user may use the mobile terminal while in motion limit the data-entry possibilities. For example, unless one can memorize his/her credit card number and expiration date, the user experience of holding the credit card in one hand and entering numbers into a wireless telephone with the other hand is unfavorable.
One method sought to improve the data-entry experience itself. For example, instead of using keypad or stylus, the user was enabled to read the personal information into the mobile terminal, and a speech recognition program in the terminal recognized the information. Even though the data-entry experience had been improved, the user still has to remember the personal information (such as the credit card number) to complete the transactions. This becomes difficult as more and more personal information is to be remembered.
In another method, some application software such as a web browser may give the user the option of saving the user name and/or password (such as cookies) to a website. Subsequently, when the user browsed the same website, he/she could re-use the saved user name and/or password without re-entering the data.
Even with cookies, the user still had to remember the personal information to be input, such as the number of the credit card used to complete the transactions, at least for the first transaction with a given website. This became difficult as the user needed to remember more and more personal information.
In such a system, often the software/system/application designer, rather than the user, decided what kind of information could be saved. In some web sites, the web browser may have allowed the user to save a user name and/or password to a particular website, but did not allow the user to save the credit card information, and vise versa. Also, the software/system/application designer, rather than the user, often decides when/where/how the saved personal information (such as the password) could be used. For example, a website may have offered to save a user's credit card number and the next time the user logged onto the same website may have allowed the user to re-use the saved information without re-entering it. However, if the user browsed another website, he/she had to re-enter the credit card information again.
Another issue in the prior art is the lack of security. Mobile terminals such as mobile phones are more likely to be lost or stolen than desktop computers, which are normally secured by locked buildings. One security flaw is that anyone stealing the mobile terminal embedded with cookies or the like stored therein could readily log into the website for which the user name and password had been saved, as the terminal typically did not require the user to enter the user name and password again. Another security flaw is that such systems typically saved the personal information into a file in the file system. The file could become available to anyone who had access to the mobile terminals. In fact some experts are recommending that users should not accept cookies even in the more secure desktop environment, especially when the computer might potentially be shared by more than one user.
Another method included the use of personal identification number(s) (PIN/PIN2) on a GSM mobile phone. In these systems, PIN/PIN 2 is used to limit access to the phone by (un)locking the SIM card or keypad. However, PIN/PIN 2 cannot be used to save other personal information for later use in e-commerce etc, nor can be used to secure the contents in the phone. Unfortunately when a phone is stolen/lost, in most cases, the phone is already unlocked by the original owner. The PIN/PIN 2 is not ‘personal’ either, as it can be changed/reset by the operator.
Improved methods and apparatus are desired.